Luks Bruteforce: test all your passwords

A few years ago, I started using the cryptographic capabilities of Linux to encrypt my USB keys, hard drives and laptop. More effective against the usual bad guys than a root password, this gave me pretty good privacy for personal and professional data ...

... Until that day when, after about a year without rebooting, one of my servers rebooted and asked me for a passphrase ... which I obviously forgot!

I didn’t find anything on the Internet to bruteforce a Luks-encrypted partition, so here is the script I produced to help me do this efficiently ...

Brute-Force of Luks?

First and foremost, you should know that brute-forcing Luks is no easy task: the PBKDF2 standard, used by Luks, makes it hard to brute-force. Luks doesn’t use the passphrase you give it directly to decrypt data. It uses your passphrase as the input to a very complex algorithm, run a great number of times (in my case 191609 times), which, in the end, requires about 1 full second of CPU time on my server to compute the resulting key. As a result, for each passphrase tried on this machine, it will take 1 second to know whether it’s the right one or not!

This protection is very effective at preventing the usual brute-force attack, which consists of trying every possible password on a supercomputer ...

In my case, I had a pretty good idea of what that passphrase could be: "Courage is the ability to ignore your options." could be a good candidate, and "a great banker is a dead one" also ... but of course it was neither the first nor the second.

However, my passphrase could be one of those:

Courage is the ability to ignore your options.

Courage is the ability to ignore your options

"Courage is the ability to ignore your options."

courage is the ability to ignore your options.

courage is the ability to ignore your options

"courage is the ability to ignore your options."

courage is the ability to ignore your option

(Courage is the ability to ignore your option)

Well... you can guess my problem: with or without quotes or parentheses, with or without period, comma, uppercase characters, etc. I had to find my passphrase among those 2 * 5 * 2^3 * 3 ... well, something like 10000 combinations...

But I really didn’t want to test them all by hand.

A program to brute-force Luks

Since I didn’t find any program on the Internet to help me brute-force Luks, I wrote this small PHP script.

This script lets you try to open a Luks partition (here /dev/md1; replace it with your partition name, such as /dev/sda3 or /dev/mapper/encrypted-root) by trying every possible combination from a set of possible passphrases and their variations.

Before using it, you need to:

replace /dev/md1 with your Luks partition;

replace the array of arrays with every passphrase this could be, with all their variations (with or without ., (), space, etc.);

replace the email address with your email: if the program finds the right passphrase, it will tell you!

Launch this program, for example in a screen console, using php-cli, and let it find your real passphrase (you will need patience, and even more patience if the number of combinations is high).

This program saved me a nice bunch of personal data (here a 2TB hard drive with 15 years of photos...). Enjoy it if it can help you in the same way: it is distributed under the GPL-v3 license.
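The procedure above as an added example in Python (not the author's PHP script, which is not reproduced on this page): one candidate is built by picking one alternative from each inner list, and each candidate is checked with cryptsetup's --test-passphrase option. The SLOTS layout, the function names and the 1-second-per-try default are assumptions based on the post's description.

```python
import itertools
import subprocess

# Constructed slots modelled on the post's example (assumed "array of arrays"
# layout): a candidate is one alternative from each inner list, concatenated.
SLOTS = [
    ["", '"', "("],                              # opening quote or parenthesis
    ["Courage", "courage"],                      # capitalisation
    [" is the ability to ignore your option"],   # fixed middle part
    ["", "s"],                                   # singular or plural
    ["", "."],                                   # trailing period
    ["", '"', ")"],                              # closing quote or parenthesis
]

def candidates(slots):
    """Yield every distinct combination once, in a stable order."""
    seen = set()
    for parts in itertools.product(*slots):
        phrase = "".join(parts)
        if phrase not in seen:
            seen.add(phrase)
            yield phrase

def estimate_seconds(slots, seconds_per_try=1.0):
    """Worst-case run time when key derivation costs seconds_per_try per guess."""
    return sum(1 for _ in candidates(slots)) * seconds_per_try

def cryptsetup_check(device):
    """Return a checker asking cryptsetup whether a passphrase unlocks device."""
    def check(phrase):
        # --test-passphrase verifies without mapping the device; --key-file -
        # reads the exact bytes from stdin (no newline is appended here).
        result = subprocess.run(
            ["cryptsetup", "open", "--test-passphrase", "--type", "luks",
             "--key-file", "-", device],
            input=phrase.encode(), capture_output=True)
        return result.returncode == 0
    return check

def recover(slots, check):
    """Try each candidate in turn; return the one that unlocks, or None."""
    for phrase in candidates(slots):
        if check(phrase):
            return phrase
    return None

if __name__ == "__main__":
    found = recover(SLOTS, cryptsetup_check("/dev/md1"))  # device from the post
    print(found if found is not None else "no candidate matched")
```

Calling estimate_seconds(SLOTS) before starting shows whether the candidate set is small enough to finish in a reasonable time at the per-try cost measured on your machine.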